Restricted Shell for SSH Server
If you use SSH Logins you can lock down the Console to a restriced shell with less enabled commands!
Remark: rbash is not 100% secure, Server should be never reachable to Consoles from Internet!!
This does not work with installed tmux or screen, cause Users can break out of rbash!
- Login as root User on the Server
- install rbash with:
apt-get install rbash
- rename bash by:
mv /bin/bash /bin/oldbash
- Disable other Shells for User
chmod o= /bin/oldbash chmod 700 /bin/sh chmod 700 /bin/dash
- create a symlink for rbash to bash
$ln -s /bin/bash /bin/rbash
- enable rbash by system setting /etc/shells
$echo '/bin/rbash' >> /etc/shells
- set user shell to /bin/rbash
$chsh #set user shell to /bin/rbash
- Disable "chsh" Change Shell Command for Users
$chmod o= /bin/chsh
- Login as user and test linux commands..
- Purge tmux and screen Multiplexer if installed!